origin remote in .git/config in the current directory, reads your saved token, and hands the value to gh secret set, which encrypts it locally before uploading. When it finishes, it prints the repository’s settings URL where the secret can be seen.
This command shells out to the GitHub CLI (
gh), so gh must be installed and on your PATH. It performs the local encryption GitHub requires before the secret is sent.github:credentials:create. The token is read from ~/.talos/credentials/github.yml and passed to gh through GH_TOKEN, so it authenticates with your stored token rather than a separate gh auth login.
Usage
owner/repo slug is taken from that repository’s origin remote.
Examples
Run with no flags to be prompted for the secret name and value (the value input is hidden):Options
| Option | Description | Default |
|---|---|---|
--name | Name of the GitHub Actions secret to create or update. | Prompted if omitted |
--value | Value to store for the secret. | Prompted (hidden) if omitted |
--silent | Suppress the spinner, success message, and settings URL. | false |
origin remote in .git/config — HTTPS (https://github.com/owner/repo.git) and SSH (git@github.com:owner/repo.git) remotes are both reduced to the owner/repo slug. The command fails if it cannot find a GitHub token, cannot determine the repository from .git/config, or gh secret set returns an error.
This is a convenient way to populate the CI secrets referenced throughout deployment — for example DOCKER_TOKEN, NPM_TOKEN, or PROD_SSH_KEY.